I am finally getting back to this issue.  Following your instructions
gets a generic certificate on the server so that it will do SSL, but you
get a certificate error every time you access the page.  I have never
gotten even close to that using the fragmented bits of information on
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html - but that may be
because I have been trying to use a commercial certificate instead of
generating a generic one.  Thanks for your help with a much clearer set
of step-by-step instructions (sequential; the Tomcat docs are more
random access).

I already have a GeoTrust certificate for this server, installed on IIS
months ago, so theoretically I should be able to apply it to the Tomcat
server.  I can't get another from them for the same FQDN, anyway, unless
it has to be converted to some other format, which I doubt.

I followed the instructions on the GeoTrust web site on how to export the
certificate from IIS and convert it for Apache, which yielded two files,
key.pem and cert.pem.  Of course that does not fit into Tomcat, only
Apache.  Next I followed their instructions (in a completely different
part of their web site) for Tomcat which involve downloading a root cert
and an intermediate cert and creating a keystore with those plus the
purchased SSL cert.  When I install that file the Tomcat server
generates a bazillion copies of this error in the catalina log:

SEVERE: Endpoint [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=8443]] ignored exception: java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketFactory.java:113)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:407)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:70)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)
Feb 7, 2008 7:24:36 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
WARNING: Reinitializing ServerSocket

I guess I will have to contact the certificate source directly and find
out what they forgot to include in the instructions on the web site.
Ultimately we do not want every user to have to fight their way past the
bad certificate warning to get in.

Christopher Strauss, Ph.D.
Call Tracking Administration Manager
University of North Texas Computing & IT Center
http://itsm.unt.edu/
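
A common cause of the "No available certificate or key corresponds to the SSL cipher suites which are enabled" error is a keystore that holds only certificates and no private key entry. The following is an added example, not part of the thread and not GeoTrust's or Tomcat's own instructions: it bundles the exported key.pem and cert.pem into a PKCS12 keystore and checks a `keytool -list` listing for a key entry. chain.pem, the alias "tomcat" and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). key.pem and cert.pem are the files named
# in the message; chain.pem, the alias "tomcat" and the listings are assumed.

# Bundle private key, server certificate and CA chain into one PKCS12 file,
# which Tomcat can load with keystoreType="PKCS12". Needs openssl; prompts
# for an export password.
build_p12() {   # usage: build_p12 key.pem cert.pem chain.pem out.p12
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name tomcat -out "$4"
}

# Read `keytool -list` output on stdin and print how many entries carry a
# private key. Older JDKs label them "keyEntry", newer ones "PrivateKeyEntry".
# Real use: keytool -list -keystore out.p12 -storetype PKCS12 | check_listing
count_key_entries() {
    grep -c -E ', (PrivateKeyEntry|keyEntry)' || true
}

# Verdict for a listing on stdin: "ok" if at least one key entry exists,
# "no-private-key" if the keystore holds certificates only.
check_listing() {
    n=$(count_key_entries)
    if [ "$n" -ge 1 ]; then echo ok; else echo no-private-key; fi
}

# Constructed listing: root, intermediate and server cert imported into a
# fresh keystore, so no entry has the private key that stayed on IIS.
certs_only() {
cat <<'EOF'
Your keystore contains 3 entries

root, Feb 7, 2008, trustedCertEntry,
intermediate, Feb 7, 2008, trustedCertEntry,
tomcat, Feb 7, 2008, trustedCertEntry,
EOF
}

# Constructed listing: what a keystore built by build_p12 should show.
with_key() {
cat <<'EOF'
Your keystore contains 1 entry

tomcat, Feb 7, 2008, PrivateKeyEntry,
EOF
}
```
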


-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:[EMAIL PROTECTED] On Behalf Of William H. Will Du Chene
Sent: Thursday, February 07, 2008 11:37 AM
To: arslist@ARSLIST.ORG
Subject: Re: Apache vs IIS

I never said "easy to administer." What I did say was "simple to
configure." Obviously, there is some room for interpretation there.

"...how the @()[EMAIL PROTECTED] do you get the damn thing to do SSL.."

Fair question. It deserves a fair answer. Here is a tutorial that took
me all of about 20 minutes to put together.

<Tomcat + SSL Tutorial>
